Introduction:


A proxy server that intercepts all the traffic passing through it and analyzes
address. If it matches the known VPS/N provider IPs, then it will block 


VPNs IPs. 


PfSense & Squid proxy server was used to deploy a prox 
client and the internet gateway router, thus logging an 
per its configuration of it. 


Aims & Objectives: 


Deployed PfSense proxy server between the LAN Clients and the internet gateway. The
proxy had to be in the subnets gf th erswbP to which the client is connecting to or else 
r proxy server would be accessible depending on 
the client’s IP in subnet of the ro Pyproxy server). 


The proxy firewall rule it blocks the traffic by IP depending upon choice. The 
DNS were still n pey first resolve into IPs at the DNS server by it, and the 
DNS server th e client to that requested website. 


[Screenshots: two nslookup sessions at C:\Users\muhhu>, one using the default server dns.google (8.8.8.8) and one with the default server shown as "UnKnown". Queries visible: islamabadrunwithus.com, pearl-intl.com and 50.62.141.182; the address 68.65.122.97 appears in the non-authoritative answers.]


processing is displayed. 


Through using a tool ‘PfblockerNG’, the domai 
list in ‘DNSBL’ functionality of the mentioned to 


ere blocked through putting them ina 
in ‘DNSBL Groups’. Hence when done, 


g a link that had all of them stored in it. The tool 
ed and reloaded the config to block the updated 


is to block it when the client (private IP) initially requested the connection for VPNs IP, so
that the request never reaches the router and the router never fetches data from VPN
servers.


I identified Proton VPN's Japan IPs that it was assigning to me upon multiple connection
establishments. Rather than identifying me as a client who is establishing a connection and
breaking it again and again, it kept on servicing me and assigning their IP to me (a flaw).
Hence when I identified the majority of the IPs, I kept them in a list statically and put them in
the DNSBL functionality of ‘PfblockerNG’, and blocked it, but haven’t yet tested the working
as there must be some tunneling and stuff that I’m missing at this point.


In the Squid proxy server, the IPs that were to be blocked were listed in the
configuration. It worked for blocking website access, though it failed to stop VPN
connection and data exchange due to tunnelling and stuff.


UFW firewall had also failed to do so (block VPN connection establishment) i ional
manner. 


Learning Outcomes: 


IPs divided in subnets can be accessed via subnet rangin Subnet is 2', IP/24 subnet 


By default, the Squid proxy server was running in the localhost '127.0.0.1', which was
fine for the client itself on which the proxy was running, but not for the LAN
subnets that required the proxy. Hence through 'http_access


ned to the proxy. 


When I do ‘http_access deny all’, it executed correctly and Firefox fails to
fetch any results when browsed. Hence there isn’t an issue with the requests not passing
through the proxy server. But when the IPs of VPNs are blocked, they don't comply as
demanded in the .conf file. I presume that websites will be blocked (without DNS, but IPs only),
though I still have to test it.
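
An added example (not the author's configuration) of the Squid rules discussed above: the proxy listens on a LAN-facing address rather than 127.0.0.1, and the destination-IP deny sits before the LAN allow. The proxy address 10.1.0.1, the ACL names and the blocked addresses are assumptions; the blocked addresses are constructed placeholders from documentation ranges.

```conf
# squid.conf fragment (added example; names and addresses are assumptions).

# Listen on a LAN-facing address instead of loopback only.
# 10.1.0.1 is an assumed proxy address inside the LAN subnet;
# 3128 is Squid's default port.
http_port 10.1.0.1:3128

# LAN clients allowed to use the proxy. The page shows a client at
# 10.1.31.68 with mask 255.255.0.0, i.e. the 10.1.0.0/16 subnet.
acl localnet src 10.1.0.0/16

# Destination addresses to refuse. Constructed placeholders
# (RFC 5737 documentation ranges), not real VPN endpoints.
acl vpn_dst dst 203.0.113.0/24 198.51.100.17

# http_access rules are checked top to bottom; the first match decides.
#
# Weak ordering: every LAN request matches the allow first, so the
# deny on vpn_dst is never evaluated.
#   http_access allow localnet
#   http_access deny vpn_dst
#
# Corrected ordering: deny the listed destinations, then allow the LAN,
# then refuse everything else.
http_access deny vpn_dst
http_access allow localnet
http_access deny all
```

These rules only apply to requests a client actually sends to the proxy. VPN tunnel traffic that goes straight to the gateway never reaches Squid and has to be matched by a packet-filter rule on the firewall instead.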


There are a lot of insights while checking, configuring and understanding the configuration
of PfSense. I’ll continue to use more features it provides. It really is a software glory.


[Screenshot: dashboard view "Top Hosts (Send+Receive)". Caption: Hosts packets receive]


[Screenshot: pfSense firewall rules list showing the Anti-Lockout Rule, Block bogon networks, and the auto rules pfB_PRI1_v4, pfB_betting_v4 and pfB_DNSBLIP_v4]


Firewall rules defining 


ic ot 10.1.30, 


[Screenshot: pfSense Community Edition, Status / Traffic Graph for the LAN interface; host 10.1.31.68 is listed at 133.69k Bits/sec in and 13.20k Bits/sec out]
LAN NODES


[Screenshot: ipconfig output at C:\Users\muhhu> listing Wireless LAN adapter Local Area Connection* 1 and Local Area Connection* 16 (media disconnected) and Wireless LAN adapter Wi-Fi; the address values are not recoverable]

Mechanism of proxy server deployment


ipconfig of IPv4 & router gateway 


[Screenshot: two Internet Protocol Version 4 (TCP/IPv4) Properties dialogs with "Use the following IP address" selected; visible values include IP address 10.1.31.68 and subnet mask 255.255.0.0]

inputting and manual defining in ’ncpa.cpl’




